From 1303c7974fd4e31f81597554beccb597980c9310 Mon Sep 17 00:00:00 2001
From: Cyberes <cyberes@evulid.cc>
Date: Tue, 20 Jun 2023 10:29:28 -0600
Subject: [PATCH 1/2] reorganize, start arp proxy

---
 bridge/{ => nat}/bridge-lan.sh                |  6 ++--
 bridge/{ => nat}/bridge-reset.sh              |  6 ++--
 bridge/{ => nat}/clone-client-mac.sh          |  6 ++--
 bridge/{ => nat}/get-dhcp-dns.sh              |  0
 bridge/{ => nat}/get_client_mac_address.sh    |  0
 .../nat/nat-install.sh                        |  0
 config/config.sh.example                      | 30 -------------------
 7 files changed, 9 insertions(+), 39 deletions(-)
 rename bridge/{ => nat}/bridge-lan.sh (95%)
 rename bridge/{ => nat}/bridge-reset.sh (93%)
 rename bridge/{ => nat}/clone-client-mac.sh (89%)
 rename bridge/{ => nat}/get-dhcp-dns.sh (100%)
 rename bridge/{ => nat}/get_client_mac_address.sh (100%)
 rename bridge-install.sh => bridge/nat/nat-install.sh (100%)
 delete mode 100644 config/config.sh.example

diff --git a/bridge/bridge-lan.sh b/bridge/nat/bridge-lan.sh
similarity index 95%
rename from bridge/bridge-lan.sh
rename to bridge/nat/bridge-lan.sh
index 3f9f853..2584b32 100755
--- a/bridge/bridge-lan.sh
+++ b/bridge/nat/bridge-lan.sh
@@ -8,10 +8,10 @@ while [ -L "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symli
 done
 DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
 
-if [[ -f "$DIR/../config/config.sh" ]]; then
-  . "$DIR/../config/config.sh"
+if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
+  . "$DIR/../../config/nat-config.sh"
 else
-  echo "$DIR/../config/config.sh missing!"
+  echo "$DIR/../../config/nat-config.sh missing!"
   exit 1
 fi
 
diff --git a/bridge/bridge-reset.sh b/bridge/nat/bridge-reset.sh
similarity index 93%
rename from bridge/bridge-reset.sh
rename to bridge/nat/bridge-reset.sh
index f19c54d..7a8ca74 100755
--- a/bridge/bridge-reset.sh
+++ b/bridge/nat/bridge-reset.sh
@@ -11,10 +11,10 @@ while [ -L "$SOURCE" ]; do
 done
 DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
 
-if [[ -f "$DIR/../config/config.sh" ]]; then
-  source "$DIR/../config/config.sh"
+if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
+  source "$DIR/../../config/nat-config.sh"
 else
-  echo "$DIR/../config/config.sh missing!"
+  echo "$DIR/../../config/nat-config.sh missing!"
   exit 1
 fi
 
diff --git a/bridge/clone-client-mac.sh b/bridge/nat/clone-client-mac.sh
similarity index 89%
rename from bridge/clone-client-mac.sh
rename to bridge/nat/clone-client-mac.sh
index ecc9c71..79fd5c9 100755
--- a/bridge/clone-client-mac.sh
+++ b/bridge/nat/clone-client-mac.sh
@@ -11,10 +11,10 @@ while [ -L "$SOURCE" ]; do
 done
 DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
 
-if [[ -f "$DIR/../config/config.sh" ]]; then
-  . "$DIR/../config/config.sh"
+if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
+  . "$DIR/../../config/nat-config.sh"
 else
-  echo "$DIR/../config/config.sh missing!"
+  echo "$DIR/../../config/nat-config.sh missing!"
   exit 1
 fi
 
diff --git a/bridge/get-dhcp-dns.sh b/bridge/nat/get-dhcp-dns.sh
similarity index 100%
rename from bridge/get-dhcp-dns.sh
rename to bridge/nat/get-dhcp-dns.sh
diff --git a/bridge/get_client_mac_address.sh b/bridge/nat/get_client_mac_address.sh
similarity index 100%
rename from bridge/get_client_mac_address.sh
rename to bridge/nat/get_client_mac_address.sh
diff --git a/bridge-install.sh b/bridge/nat/nat-install.sh
similarity index 100%
rename from bridge-install.sh
rename to bridge/nat/nat-install.sh
diff --git a/config/config.sh.example b/config/config.sh.example
deleted file mode 100644
index ef4bac5..0000000
--- a/config/config.sh.example
+++ /dev/null
@@ -1,30 +0,0 @@
-# Name of the Ethernet interface that the bridged client will plug into.
-# This will be your LAN port.
-ETH_IFACE="enp0s31f6"
-
-# Name of the WiFi interface that will connect to the wider network.
-# This will be your WAN port.
-WLAN_IFACE="wlxc8d7193710f4"
-
-# Name of the WiFi network to connect to.
-WIFI_SSID="Example-Network"
-
-# "psk": WPA2-PSK auth.
-# "peap": WPA2-Enterprise in PEAP mode. Make sure to fill out the RADIUS login details below.
-# WIFI_AUTH_MODE="peap"
-# TODO: implement psk mode
-
-# RADIUS login
-WIFI_USERNAME="username"
-WIFI_PWD="password"
-
-# Make this port accessible on the router and have its SSH server on it.
-# The installer will modify the SSH server's config for you.
-ROUTER_SSH_PORT=64535
-
-# "transparent": the bridge device clones the client's MAC address and NATs traffic to a private LAN. Only supports one bridged client.
-# TODO: support bridging multiple clients connected to an ethernet hub
-# BRIDGE_MODE="transparent"
-
-# Don't prompt the user for confirmation
-NON_INTERACTIVE=false

From 350ff48e72bc87d02fbf6607be1e33bec0e3088c Mon Sep 17 00:00:00 2001
From: Cyberes <cyberes@evulid.cc>
Date: Tue, 20 Jun 2023 12:03:35 -0600
Subject: [PATCH 2/2] reorganize, add arp proxy

---
 .gitignore                                    |   3 +-
 bridge/nat/bridge-reset.sh                    |   2 +-
 bridge/nat/nat-install.sh                     |   6 +-
 .../nat/wlan2eth.service                      |   2 +-
 wlan2eth.sh => bridge/nat/wlan2eth.sh         |   6 +-
 bridge/proxyarp/arp-install.sh                | 192 ++++++++++++++++++
 config/nat-config.sh.example                  |  22 ++
 7 files changed, 224 insertions(+), 9 deletions(-)
 rename wlan2eth.service => bridge/nat/wlan2eth.service (79%)
 rename wlan2eth.sh => bridge/nat/wlan2eth.sh (90%)
 create mode 100755 bridge/proxyarp/arp-install.sh
 create mode 100644 config/nat-config.sh.example

diff --git a/.gitignore b/.gitignore
index ae5d28e..9046928 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 .idea
-config/config.sh
+config/*.sh
+!config/*.sh.example
 
 # ---> Python
 # Byte-compiled / optimized / DLL files
diff --git a/bridge/nat/bridge-reset.sh b/bridge/nat/bridge-reset.sh
index 7a8ca74..7cc9375 100755
--- a/bridge/nat/bridge-reset.sh
+++ b/bridge/nat/bridge-reset.sh
@@ -12,7 +12,7 @@ done
 DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
 
 if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
-  source "$DIR/../../config/nat-config.sh"
+  . "$DIR/../../config/nat-config.sh"
 else
   echo "$DIR/../../config/nat-config.sh missing!"
   exit 1
diff --git a/bridge/nat/nat-install.sh b/bridge/nat/nat-install.sh
index 4c7a146..4c9924c 100755
--- a/bridge/nat/nat-install.sh
+++ b/bridge/nat/nat-install.sh
@@ -13,10 +13,10 @@ while [ -L "$SOURCE" ]; do
 done
 DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
 
-if [[ -f "$DIR/config/config.sh" ]]; then
-  source "$DIR/config/config.sh"
+if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
+  . "$DIR/../../config/nat-config.sh"
 else
-  echo "$DIR/config/config.sh missing!"
+  echo "$DIR/../../config/nat-config.sh missing!"
   exit 1
 fi
 
diff --git a/wlan2eth.service b/bridge/nat/wlan2eth.service
similarity index 79%
rename from wlan2eth.service
rename to bridge/nat/wlan2eth.service
index 9fbee27..64eaea4 100644
--- a/wlan2eth.service
+++ b/bridge/nat/wlan2eth.service
@@ -6,7 +6,7 @@ After=basic.target network.target
 
 [Service]
 SyslogIdentifier=wlan2eth
-ExecStart=/bin/bash /opt/wlan2eth/wlan2eth.sh
+ExecStart=/bin/bash /opt/wlan2eth/bridge/nat/wlan2eth.sh
 Restart=always
 RestartSec=2
 
diff --git a/wlan2eth.sh b/bridge/nat/wlan2eth.sh
similarity index 90%
rename from wlan2eth.sh
rename to bridge/nat/wlan2eth.sh
index 33abd67..8d778df 100755
--- a/wlan2eth.sh
+++ b/bridge/nat/wlan2eth.sh
@@ -11,10 +11,10 @@ while [ -L "$SOURCE" ]; do
 done
 DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
 
-if [[ -f "$DIR/config/config.sh" ]]; then
-  source "$DIR/config/config.sh"
+if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
+  . "$DIR/../../config/nat-config.sh"
 else
-  echo "config/config.sh missing!"
+  echo "$DIR/../../config/nat-config.sh missing!"
   exit 1
 fi
 
diff --git a/bridge/proxyarp/arp-install.sh b/bridge/proxyarp/arp-install.sh
new file mode 100755
index 0000000..96f8b65
--- /dev/null
+++ b/bridge/proxyarp/arp-install.sh
@@ -0,0 +1,192 @@
+#!/bin/bash
+
+SOURCE=${BASH_SOURCE[0]}
+while [ -L "$SOURCE" ]; do
+  DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
+  SOURCE=$(readlink "$SOURCE")
+  [[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE
+done
+DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
+
+if [[ -f "$DIR/../../config/arp-config.sh" ]]; then
+  . "$DIR/../../config/arp-config.sh"
+else
+  echo "$DIR/../../config/arp-config.sh missing!"
+  exit 1
+fi
+
+if [ "$(id -u)" -ne 0 ]; then
+  echo 'This script must be run as root.' >&2
+  exit 1
+fi
+
+# ==============================================================================
+# Setup
+
+echo -e "# PREPARE ENVIRONMENT #"
+
+# Reset interfaces
+iptables -X
+iptables -F
+iptables -t nat -X
+iptables -t nat -F
+echo "Erased all iptables rules."
+
+ifconfig $WLAN_IFACE down
+ifconfig $WLAN_IFACE hw ether $(ethtool -P $WLAN_IFACE | awk '{print $3}')
+ifconfig $WLAN_IFACE up
+echo "Reset the $WLAN_IFACE WiFi interface."
+
+while true; do
+  WLAN_IFACE_IP=$(ip -4 -br addr show $WLAN_IFACE | grep -Po "\\d+\\.\\d+\\.\\d+\\.\\d+")
+  if [ -n "${WLAN_IFACE_IP}" ]; then
+    echo "Got it!"
+    break
+  fi
+  echo "Waiting for $WLAN_IFACE to get an IP..."
+  sleep 5
+done
+
+# We only need to get the $WLAN_IFACE IP address and will copy it over to $ETH_IFACE later
+WLAN_NETMASK=$(ip addr show $WLAN_IFACE | grep -w inet | awk '{print $2}' | cut -d'/' -f2)
+WLAN_NETMASK_CIDR=$(ip addr show $WLAN_IFACE | grep -w inet | awk '{print $2}' | cut -d'/' -f2)
+
+if $NON_INTERACTIVE; then
+  NON_INTERACTIVE_APT="-y"
+else
+  NON_INTERACTIVE_APT=""
+fi
+
+# ==============================================================================
+# Install stuff
+
+echo -e "\n# INSTALL THINGS #"
+echo -e "Upgrading...\n"
+
+apt-get update
+apt-get upgrade $NON_INTERACTIVE_APT
+
+echo -e "\n"
+
+THINGS_TO_INSTALL="net-tools ethtool openssh-server parprouted dhcp-helper"
+
+if ! $NON_INTERACTIVE; then
+  echo "Going to install: $THINGS_TO_INSTALL"
+  read -p "Press ENTER to continue or CTRL+C to cancel..."
+fi
+
+echo -e "\n"
+
+apt-get install $NON_INTERACTIVE_APT $THINGS_TO_INSTALL
+
+if ! $NON_INTERACTIVE; then
+  echo -e "\nGoing to replace networking with systemd-networkd."
+  read -p "Press ENTER to continue or CTRL+C to cancel..."
+fi
+
+systemctl stop dhcp-helper
+
+apt-get autoremove --purge $NON_INTERACTIVE_APT ifupdown dhcpcd5 isc-dhcp-client isc-dhcp-common
+
+echo -e "\n\nConnecting to WiFi..."
+
+WPA_SUPP_FILE="/etc/wpa_supplicant/wpa_supplicant-$WLAN_IFACE.conf"
+cat >"$WPA_SUPP_FILE" <<EOF
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
+update_config=1
+country=USifconfig $WLAN_IFACE
+network={
+ ssid="$WIFI_SSID"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="$WIFI_USERNAME"
+ password="$WIFI_PWD"
+ phase1="peaplabel=0"
+ phase2="auth=MSCHAPV2"
+}
+EOF
+chmod 600 "$WPA_SUPP_FILE"
+echo "Created wpa_supplicant: $WPA_SUPP_FILE"
+systemctl disable wpa_supplicant.service
+systemctl stop wpa_supplicant.service
+systemctl enable --now wpa_supplicant@$WLAN_IFACE.service
+systemctl status --no-pager wpa_supplicant@$WLAN_IFACE.service
+echo ""
+ifconfig $WLAN_IFACE
+
+echo -e "\n"
+NET_CONF_FILE="/etc/systemd/network/08-$WLAN_IFACE.network"
+cat >"$NET_CONF_FILE" <<EOF
+[Match]
+Name=$WLAN_IFACE
+[Network]
+IPForward=yes
+DHCP=yes
+EOF
+echo "Created network config for the $WLAN_IFACE WiFi interface."
+echo -e "Finishing systemd-networkd install...\n"
+apt-get install $NON_INTERACTIVE_APT libnss-resolve
+ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+systemctl enable --now systemd-resolved.service
+systemctl restart systemd-networkd.service
+
+sed -i'' 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
+sysctl -p /etc/sysctl.conf
+echo "Set net.ipv4.ip_forward=1 in /etc/sysctl.conf"
+
+# ==============================================================================
+# Configure
+
+# Configure dhcp-helper.
+DHCP_IPS=""
+for ip in $DHCP_SERVERS; do
+    DHCP_IPS+=" -s $ip"
+done
+cat > /etc/default/dhcp-helper <<EOF
+DHCPHELPER_OPTS="$DHCP_IPS"
+EOF
+
+
+# Enable avahi reflector if it's not already enabled.
+sed -i'' 's/#enable-reflector=no/enable-reflector=yes/' /etc/avahi/avahi-daemon.conf
+grep '^enable-reflector=yes$' /etc/avahi/avahi-daemon.conf || {
+  printf "something went wrong...\n\n"
+  printf "Manually set 'enable-reflector=yes in /etc/avahi/avahi-daemon.conf'\n"
+}
+
+cat > /etc/systemd/system/parprouted.service <<EOF
+[Unit]
+Description=proxy arp routing service
+Documentation=https://raspberrypi.stackexchange.com/q/88954/79866
+#Requires=sys-subsystem-net-devices-$WLAN_IFACE.device dhcpcd.service
+#After=sys-subsystem-net-devices-$WLAN_IFACE.device dhcpcd.service
+After=network.target
+
+[Service]
+Type=forking
+# Restart until $WLAN_IFACE gained carrier
+Restart=on-failure
+RestartSec=5
+TimeoutStartSec=30
+# clone the dhcp-allocated IP to $ETH_IFACE so dhcp-helper will relay for the correct subnet
+ExecStartPre=/bin/bash -c '/sbin/ip addr add \$(/sbin/ip -4 -br addr show $WLAN_IFACE | /bin/grep -Po "\\\d+\\\.\\\d+\\\.\\\d+\\\.\\\d+")/32 dev $ETH_IFACE'
+ExecStartPre=/sbin/ip link set dev $ETH_IFACE up
+ExecStartPre=/sbin/ip link set $WLAN_IFACE promisc on
+ExecStart=-/usr/sbin/parprouted $ETH_IFACE $WLAN_IFACE
+ExecStopPost=/sbin/ip link set $WLAN_IFACE promisc off
+ExecStopPost=/sbin/ip link set dev $ETH_IFACE down
+ExecStopPost=/bin/bash -c '/sbin/ip addr del \$(/sbin/ip -4 -br addr show $WLAN_IFACE | /bin/grep -Po "\\\d+\\\.\\\d+\\\.\\\d+\\\.\\\d+")/32 dev $ETH_IFACE'
+
+[Install]
+WantedBy=wpa_supplicant.service
+EOF
+
+systemctl daemon-reload
+systemctl enable --now parprouted dhcp-helper
+systemctl restart parprouted dhcp-helper
+
+systemctl status --no-pager dhcp-helper
+systemctl status --no-pager parprouted
+
+echo -e "\n==============\nDone!\nNow reboot!"
diff --git a/config/nat-config.sh.example b/config/nat-config.sh.example
new file mode 100644
index 0000000..0680db1
--- /dev/null
+++ b/config/nat-config.sh.example
@@ -0,0 +1,22 @@
+# Name of the Ethernet interface that the bridged client will plug into.
+# This will be your LAN port.
+ETH_IFACE="enp0s31f6"
+
+# Name of the WiFi interface that will connect to the wider network.
+# This will be your WAN port.
+WLAN_IFACE="wlxc8d7193710f4"
+
+# Name of the WiFi network to connect to.
+WIFI_SSID="Example-Network"
+
+# "psk": WPA2-PSK auth.
+# "peap": WPA2-Enterprise in PEAP mode. Make sure to fill out the RADIUS login details below.
+# WIFI_AUTH_MODE="peap"
+# TODO: implement psk mode
+
+# RADIUS login
+WIFI_USERNAME="username"
+WIFI_PWD="password"
+
+# Don't prompt the user for confirmation
+NON_INTERACTIVE=false